Skip to content
/ FindGPPPasswords Public
forked from p0dalirius/FindGPPPasswords

FindGPPPasswords, A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.

podalirius.net/
0 stars 20 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Frost77A/FindGPPPasswords

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.github
.github
 
 
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

FindGPPPasswords, A cross-platforms tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.
Build and Release GitHub release (latest by date) YouTube Channel Subscribers

Features

  • Only requires a low privileges domain user account.
  • Automatically gets the list of all domain controllers from the LDAP.
  • Finds all the Group Policy Preferences Passwords present in SYSVOL share on each domain controller.
  • Decrypts the passwords and prints them in cleartext.
  • Outputs to a Excel file with option --export-xlsx <path_to_xlsx_file>.
  • Option to test the credentials of the found GPP passwords with the --test-credentials option.

Demonstration

By default, the tool will only find the GPP passwords and print them in cleartext:

./FindGPPPasswords-linux-amd64 --domain <domain> --username <username> --password <password>

There is also the possibility to test the credentials of the found GPP passwords with the --test-credentials option.

./FindGPPPasswords-linux-amd64 --test-credentials --domain <domain> --username <username> --password <password>

Usage

$ ./FindGPPPasswords-linux-amd64 -h
FindGPPPasswords - by @podalirius_ - v1.1

Usage: FindGPPPasswords [--quiet] [--debug] [--no-colors] [--export-xlsx <string>] [--test-credentials] --domain <string> --username <string> [--password <string>] [--hashes <string>] [--threads <int>] [--nameserver <string>] --dc-ip <string> [--ldap-port <int>] [--use-ldaps]

  -q, --quiet      Show no information at all. (default: false)
  -d, --debug      Debug mode. (default: false)
  -nc, --no-colors No colors mode. (default: false)

  Additional Options:
    -x, --export-xlsx <string> Path to output Excel file. (default: "")
    -tc, --test-credentials    Test credentials. (default: false)

  Authentication:
    -d, --domain <string>   Active Directory domain to authenticate to.
    -u, --username <string> User to authenticate as.
    -p, --password <string> Password to authenticate with. (default: "")
    -H, --hashes <string>   NT/LM hashes, format is LMhash:NThash. (default: "")
    -T, --threads <int>     Number of threads to use. (default: 0)

  DNS Settings:
    -ns, --nameserver <string> IP Address of the DNS server to use in the queries. If omitted, it will use the IP of the domain controller specified in the -dc parameter. (default: "")

  LDAP Connection Settings:
    -dc, --dc-ip <string>  IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter.
    -lp, --ldap-port <int> Port number to connect to LDAP server. (default: 0)
    -l, --use-ldaps        Use LDAPS instead of LDAP. (default: false)

Contributing

Pull requests are welcome. Feel free to open an issue if you want to add other features.

About

FindGPPPasswords, A cross-platform tool to find and decrypt Group Policy Preferences passwords from the SYSVOL share using low-privileged domain accounts.

podalirius.net/

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 100.0%